Technical Role
SOC staff monitor information systems for alarms and conditions in order to prevent, detect and manage cyber-attacks and other IT security incidents. They normally follow processes and procedures based on information security management and computer security incident management. They often employ tools such as network discovery and vulnerability assessment systems; governance, risk and compliance (GRC) systems; web site assessment and monitoring systems; application and database scanners; penetration testing tools; intrusion detection systems (IDS); intrusion prevention systems (IPS); log management systems; security information and event management (SIEM) systems; network behavior analysis and denial-of-service monitoring; wireless intrusion prevention systems; and firewalls, enterprise antivirus and unified threat management (UTM).
The SOC typically scans applications and identifies security vulnerabilities and their potential business impact. The SOC works with the application business owners and IT staff to ensure the weaknesses are understood and to help them correct those weaknesses appropriately before they are exploited. The SOC also monitors applications to identify a possible cyber-attack or intrusion (an event) and to determine whether it is a real, malicious threat (an incident) and whether it could have business impact. The SOC manages incidents for the enterprise, ensuring they are properly identified, analyzed, communicated, acted upon and defended against, investigated and reported.
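The event-versus-incident distinction above is what SIEM correlation rules and a triage analyst actually implement. The following is an added illustration written for this page, not code from any SOC tool or vendor: it parses constructed sshd-style authentication log lines, groups them by source address and host, and classifies each group as a plain event (below a failure threshold) or an incident, then assigns a severity from a hypothetical asset-criticality inventory to approximate business impact. The log lines, the `ASSET_CRITICALITY` table, the threshold of five failures and the severity mapping are all assumptions made for the example.

```python
"""Toy SIEM-style triage: turn raw auth log lines into events and incidents.

Added example for illustration only; the log lines below are constructed
and the asset inventory is hypothetical.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample lines (not real telemetry) in an sshd/syslog-like format.
SAMPLE_LOGS = """\
Mar 10 08:00:01 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar 10 08:00:03 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Mar 10 08:00:05 web01 sshd[2311]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar 10 08:00:07 web01 sshd[2311]: Failed password for root from 203.0.113.5 port 51025 ssh2
Mar 10 08:00:09 web01 sshd[2311]: Failed password for deploy from 203.0.113.5 port 51026 ssh2
Mar 10 08:00:12 web01 sshd[2311]: Accepted password for deploy from 203.0.113.5 port 51027 ssh2
Mar 10 08:01:00 db01 sshd[4410]: Failed password for dba from 198.51.100.9 port 40001 ssh2
Mar 10 08:01:30 db01 sshd[4410]: Accepted password for dba from 198.51.100.9 port 40002 ssh2
Mar 10 08:02:00 lab07 sshd[980]: Failed password for invalid user test from 192.0.2.77 port 33001 ssh2
Mar 10 08:02:01 lab07 sshd[980]: Failed password for invalid user guest from 192.0.2.77 port 33002 ssh2
Mar 10 08:02:02 lab07 sshd[980]: Failed password for invalid user oracle from 192.0.2.77 port 33003 ssh2
Mar 10 08:02:03 lab07 sshd[980]: Failed password for root from 192.0.2.77 port 33004 ssh2
Mar 10 08:02:04 lab07 sshd[980]: Failed password for root from 192.0.2.77 port 33005 ssh2
Mar 10 08:02:05 lab07 sshd[980]: Failed password for root from 192.0.2.77 port 33006 ssh2
"""

# Hypothetical asset inventory: criticality stands in for business impact.
ASSET_CRITICALITY = {"db01": "high", "web01": "medium", "lab07": "low"}

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$"
)
FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
OK_RE = re.compile(r"^Accepted password for (?P<user>\S+) from (?P<src>\S+)")

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "informational": 4}


@dataclass
class Event:
    """One normalized authentication observation (an 'event' in SOC terms)."""
    ts: str
    host: str
    src: str
    user: str
    success: bool


def parse_events(text: str) -> list[Event]:
    """Normalize raw log lines into Event records; unrecognized lines are skipped."""
    events: list[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"]
        if (f := FAIL_RE.match(msg)):
            events.append(Event(m["ts"], m["host"], f["src"], f["user"], False))
        elif (ok := OK_RE.match(msg)):
            events.append(Event(m["ts"], m["host"], ok["src"], ok["user"], True))
    return events


def triage(events: list[Event], fail_threshold: int = 5) -> list[dict]:
    """Group events by (source, host) and decide event vs. incident plus severity.

    A group is an incident once it reaches fail_threshold failures; a success
    that arrives after the threshold is treated as a likely compromise and
    escalated. Severity is derived from the asset's criticality.
    """
    groups: dict[tuple[str, str], list[Event]] = defaultdict(list)
    for e in events:
        groups[(e.src, e.host)].append(e)

    findings = []
    for (src, host), evs in groups.items():
        failures = 0
        success_after_threshold = False
        for e in evs:  # events are already in log order
            if e.success and failures >= fail_threshold:
                success_after_threshold = True
            if not e.success:
                failures += 1

        if failures < fail_threshold:
            findings.append({"src": src, "host": host, "failures": failures,
                             "classification": "event", "severity": "informational",
                             "reason": "below failure threshold"})
            continue

        criticality = ASSET_CRITICALITY.get(host, "unknown")
        if success_after_threshold:
            severity = "critical" if criticality == "high" else "high"
            reason = "brute force followed by successful login"
        else:
            severity = {"high": "high", "medium": "medium"}.get(criticality, "low")
            reason = "brute force"
        findings.append({"src": src, "host": host, "failures": failures,
                         "classification": "incident", "severity": severity,
                         "reason": reason})

    # Most severe first, so the analyst queue is already prioritized.
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])


if __name__ == "__main__":
    for f in triage(parse_events(SAMPLE_LOGS)):
        print(f"{f['severity']:<13} {f['classification']:<8} {f['src']:>14} -> {f['host']}: "
              f"{f['failures']} failures, {f['reason']}")
```

Run as a script, the output lists the web01 group first (five failures then an accepted login from the same source, on a medium-criticality asset), the lab07 brute-force attempt as a low-severity incident, and the single db01 failure as an informational event that would not be escalated. In a real SOC the threshold, the time window and the criticality table come from the organization's own risk assessment and asset inventory rather than from constants in a script.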
SOC engineers and watch officers are seasoned information and communication systems professionals. They are usually trained in computer engineering, cryptography, network engineering, or computer science and are credentialed (e.g. Certified Information Systems Security Professional (CISSP) from (ISC)², GIAC from SANS, or Certified Information Security Manager (CISM) from ISACA).
SOCs are usually well protected with physical, electronic, computer, and personnel security. Centers are often laid out with desks facing a video wall, which displays significant status, events and alarms as well as ongoing incidents; a corner of the wall is sometimes used to show a news or weather TV channel, as this can keep SOC staff aware of current events which may have an impact on information systems. The back wall of the SOC is often transparent, with a room attached to this wall that team members use to meet while still able to watch events unfolding in the SOC. Individual desks are generally assigned to a specific group of systems, technology or geographic area. A security engineer or security technician may have several computer monitors on their desk, with the extra monitors used for monitoring the systems covered from that desk.